TRENDS The Usual Suspects and the Ignoble Art of State-sponsored Cyber-war

The United States military currently views cyberspace as the ‘fifth domain’ of warfare (alongside land, air, sea, and space), and the US Department of Defense, the National Security Agency, and the CIA all field teams of hackers who can, and do, launch computer virus strikes against enemy targets – Sidharth Shekhar

Globally, the state-sponsored cyber theft bureaucracy exists despite repeated denials by top government officials. In his latest interview with the Guardian, Mr. Andrew Parker, the head of MI5, Britain’s counter-intelligence and security agency, highlighted the threat of Russian cyber attacks against Britain.

Mr. Parker said that the scale and potential consequences of the hacks have helped widen the rift of distrust between the two countries, in particular, evoking Cold War tensions between Russia and the Western world.

Security analysts have serious concerns about Russian cyber attacks that have generated multiple headlines over the past year, particularly after a self-styled hacker known as “ 2.0” claimed to be the source of the leaks. WikiLeaks did not reveal its source; however, cyber security experts and firms believe that the leak was part of a series of cyber attacks on the DNC committed by two Russian intelligence groups.

Later, the United States Department of Homeland Security and the Office of the Director of National Intelligence stated that the US intelligence community had a very strong reason to believe that the Russian government was behind this breach in an attempt to influence the outcome of the US presidential election.

Since the advent of the internet, espionage has moved beyond the physical to the digital world.

According to David Emm, Principal Security Researcher, Global Research & Analysis Team, , “The Global Research and Analysis Team has analyzed a number of attacks in the last six years that we believe are state-sponsored. They are , , Gauss, (and miniFlame), (aka The Mask), Regin, Duqu 2.0 and Equation. The length of time taken to develop these attacks, their sophistication and the intelligence required to carry out such focused attacks all suggest nation-state involvement.”

In early 2015, it was GReAT that reported the Equation attacks, and the code in some modules dated back to 2001. In general, such attacks are designed to steal confidential data from their victims. However, this is not always the case. It is generally believed and accepted that Stuxnet was intended to sabotage a specific industrial process.

In some cases, Kaspersky Lab has identified links between state-sponsored attacks. Also, there are clear connections between Stuxnet, Duqu, Gauss and Flame, indicating that they were developed from a common platform.

PCQuest DECEMBER 2016 pcquest.com twitter.com/pcquest facebook.com/pcquest linkd.in/pcquest

9/11 attacks

Post-9/11, the U.S. spy agencies have built an intelligence-gathering colossus to provide critical information to the president on a range of national security threats. While traditional HUMINT (Human Intelligence) relied on SADR — spotting, assessing, developing and recruiting for information, SIGINT (Signals Intelligence) collects information by gathering and analyzing the electronic signals and communications of a given target.

Driven by the rise of the internet and new forms of electronic communications, intelligence gathering has grown for decades, and now it has the potential to gather and exploit the data on a real-time basis.

The Chinese threat

According to the Commission on the Theft of American Intellectual Property, America’s largest trading partner – China – accounts for as much as 70 percent of the losses the United States incurs.

China’s successful growth strategy relies on acquiring science and technology at any cost, both legally and illegally. Their national industrial policy goal encourages IP theft, and an extraordinary number of Chinese in business and government entities are engaged in this practice.

In July this year, a Chinese national was sentenced in Los Angeles to three years and 10 months in prison for hacking US defense contractors. The group managed to steal sensitive data by hacking into the computer networks of major defense contractors and sent the information to China. It’s a known fact that Chinese hackers have been spying on governments and businesses in Southeast Asia and uninterrupted for a decade.

Internet as we know it

The internet was actually designed to be a decentralized network. The predecessor of the modern internet, ARPANET, was developed during the Cold War by the US Defense Advanced Research Projects Agency (ARPA, later renamed DARPA) as a robust and decentralized alternative to existing communication platforms like the telephone system. So, it is also important to recognize that the internet didn’t come into being fully-formed. Rather, it grew and evolved over time. The internet as we understand and use it today goes far beyond its original purpose. In particular, it wasn’t designed with security in mind, since this only became a need once it became an open system – especially once it came to underpin so many social transactions (banking, commerce, networking, etc.). And retro-fitting security is always a challenge, since it must be done without affecting the functions that have become an essential part of the system.

Threats have also evolved over time, taking advantage of new technology and exploiting the way we use this technology. For example, cybercrime was impossible before the web was used for a significant volume of financial transactions; this is why, before 2003, malware was essentially cyber-vandalism – designed to disrupt systems.

Security as an investment

In any area of human activity, development occurs unevenly, for a variety of reasons – economic, political or cultural. Countries don’t necessarily follow the same curve of development as those who break new ground first: they might continue to lag behind, catch up or even leap ahead of other regions – depending on the conditions they face. This is no less true in the field of IT security.

According to David Emm, “The widespread use of pirated software or content in some regions affects the cyber-security posture of a region. However, I would say that the fundamentals of cyber-security remain the same across countries. This includes securing systems, applying security updates to operating systems and applications and education.”

“It’s important to recognize that security is a process – so the strategy and the technologies used to secure systems must be reviewed regularly, to ensure that they are fit-for-purpose,” he added.

Attack on critical systems

In late 2014, a German steel mill was the target of a cyber attack when hackers took control of the production software and caused significant material damage to the site. This was the second such attack to be reported after an attack targeting a uranium enrichment centrifuge in in 2010.

If cyber attacks are now able to cause damage to infrastructure, then populations can be impacted as well.

Noted American journalist and author Shane Harris, in his book @War – The Rise of Cyber Warfare, states that the United States military currently views cyberspace as the ‘fifth domain’ of warfare (alongside land, air, sea, and space), and the US Department of Defense, the National Security Agency, and the CIA all field teams of hackers who can, and do, launch computer virus strikes against enemy targets. U.S. hackers have played a significant role in the recent war in Iraq.

Cyber criminals and activist groups most often act with the technical and financial support of state agencies. Some states proceed in this manner to disrupt an enemy state, and digital infrastructure is the new battleground on which rules of engagement of present-day conflicts are re-written.